Does anyone have suggestions to prevent malicious database modification from users? I'm designing an application where basically all the runtime will be through Edge Functions, but don't want users to authenticate themselves using their bearer token for direct database access (even with RLS). Would it be best to proxy all user data through system-level database access within the function and give users zero access by themselves?

Hello @akito! This thread has been automatically created from your message in #843999948717555735 a ``few seconds ago``. Pinging @User so that they see this as well! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ... menu) and select Leave Thread to unsubscribe from future updates. Want to change the title? Use the

/title

command! We have solved your problem? Click the button below to archive it.

checkout

NOLOGIN

in https://www.postgresql.org/docs/current/sql-createrole.html

akito (2022-04-09)

note that I'm familiar with some of the opensource components of supabase such as

postgres

and

postgrest

though not that familiar with supabase it self. After thinking a few minutes the bearer token is just a token between the user and

postgrest

and won't allow a login to

postgres

db directly.

Thank you very much, I'll take a look at that

Thread was archived by @akito. Anyone can send a message to unarchive it.